There's a new piece of nasty Android malware floating around that Android users should be on the lookout for. Masquerading as a update for Google's mobile Chrome browser, the malware is hosted on webpages designed to look like they are official Google or Android landing pages. Originally spotted by the security firm Zscaler , the malware is designed to monitor call logs, browser history, text messages and banking information. Once installed, the malware logs the aforementioned data and sends it all back to a remote command and control server. What's more, Zscaler notes that the malware is capable of checking if a user has any antivirus apps installed, and if so, "terminating them to evade detection." DON'T MISS: Time to cut the cord: $95 gets you a Fire TV and free network TV in HD for life So while user's should be extra vigilant about this malware, we should note that installation can only occur if a user turns off a default Android setting which prevents the installation of software from non-approved sources. Tom's Guide notes : After downloading the APK file, users would need to disable one of Android’s default security settings which prevents the installation of programs from unknown sources. Once that’s done and the target gives Update_chrome.apk administrative access, the malware registers the phone with its remote server, and monitors all SMS messages and calls, which it sends to remote servers. If users open the Play Store on an infected device, the malware presents a phony payment information page for entering credit card numbers. After that data is entered, a screenshot is then sent to a phone number in Russia, which doesn't sound like a safe way to store your banking data. As if that weren't nasty enough, the malware is extremely resilient can only be thoroughly removed when a user performs a factory reset on their device. Moral of the story? The openness of Android is obviously one of its major benefits, but you might want to stick with the Google Play store or other approved storefronts for now.
By David Ingram NEW YORK (Reuters) - A Russian man who spent about three years behind bars in the United States for creating the computer malware known as Gozi was ordered on Monday to pay $6.9 million to cover losses to bank customers but spared further U.S. prison time. Nikita Kuzmin, 28, could have received more prison time but was sentenced to time served at a hearing in Manhattan federal court, prosecutors said in a statement. A probation office had recommended a sentence of 84 months, although it said it was not taking into account any assistance Kuzmin provided to investigators, prosecutors said.
Hackers looking to break into companies could do so with the help of a $350 device that can be purchased online from Amazon or eBay, new research shows. By taking advantage of the way most employee ID badges work, hackers could simply manufacture counterfeit access cards that would work just like the original badges. DON’T MISS: Time to cut the cord: $95 gets you a Fire TV and free network TV in HD for life Researchers from RedTeam Security showed Tech Insider how easily it is to clone an access card belonging to any employee by simply roaming around. The hackers did not have to steal personal information belonging to that person and instead used a much simpler trick. Using a particular device that costs just $350, researchers pretended to visit a target company. "[We] got the big, long range reader from Amazon," RedTeam Security consultant Matt Grandy said. "They're also all over on eBay." The attacker, posing as a student who requested a tour, carried the gadget in a seemingly harmless laptop bag that intercepted the unencrypted communication that takes place between an access card the moment it approaches a target. These work IDs use radio-frequency identification (RFID) to talk to doors and unlock them. Unfortunately, the data traffic isn’t protected by encryption, which means that it can be picked up by intrepid hackers armed with this device. Purchased from Amazon, the portable RFID badge reader can grab card data up to three feet away. When positioned close enough to a target, the device grabs the data from the card who’s trying to communicate with it and writes it on a microSD card. That means malicious individuals simply have to find a reason to be in the vicinity of a known employee to try to grab his or her credentials. The data is then transferred to a computer, where a $300 device called a Proxmark can write it on a fake employee badge. Using the manufactured card, hackers can then access any doors that badge is allowed to open. There are ways that companies and employees can protect themselves against such attacks. One of them is using encryption to protect RFID data. The other one is using RFID-blocking sleeves for access cards – you can purchase them on Amazon at this link .
DUBAI, United Arab Emirates (AP) — Qatar's largest bank acknowledged Sunday that some personal customer data that was leaked online may be authentic, and said it has hired an outside expert to review potential vulnerabilities to its computer systems.
Qatar National Bank, the Middle East's largest lender by assets, said it had taken immediate steps to ensure customers would not suffer any financial loss after a security breach last week exposed personal data of thousands of clients.
By Joseph Ax NEW YORK (Reuters) - A group of hackers linked to Islamic State has posted online a list of thousands of New York residents and urged followers of the militant group to target them, according to a source with knowledge of the matter. Federal agents and New York City police officers have been contacting the individuals on the list to inform them of the posting, but the source said law enforcement does not believe there is any credible threat. In a statement, the Federal Bureau of Investigation said, "While our standard practice is to decline comment on specific operational and investigative matters, the FBI routinely notifies individuals and organizations of information collected during the course of an investigation that may be perceived as potentially threatening in nature." The list includes names, home addresses and email addresses.
Ted Lieu is one of the few bona fide computer geeks in Congress. Even if you didn’t already know the California Democrat is one of only four congressmen (out of a total of 535) with a computer science degree, it’s the kind of thing that quickly becomes apparent when talking to the Stanford grad about a range of privacy and encryption matters. For starters, he recently downloaded and started using WhatsApp, the Facebook-owned messaging platform that earlier this month defaulted to end-to-end encryption for all users. He’s not only a supporter of strong encryption without backdoors — Lieu considers it “a national security priority.” DON'T MISS: Completely change the look of your iPhone with round folder icons, no jailbreak needed Earlier this year, he co-sponsored legislation that would introduce a National Commission on Security and Technology Challenges. Essentially, it would impanel a group of digital security experts to make recommendations on how law enforcement can pursue investigations without undermining privacy protections or the competitiveness of U.S. tech companies. It’s also not every day you hear a sitting U.S. congressman ask you, as Lieu did during a conversation with BGR: “Hey, by the way, do you watch ‘Mr. Robot?’ … I actually don’t think the show is far-fetched at all.” As the idealogical fault lines over encryption and privacy continue to sharpen and government officials past and present continue moving over to this or that side of the line, Lieu represents an influential addition to the debate. Notwithstanding his membership in the minority party in the House, he’s a current federal lawmaker who thinks that writing new laws around encryption and privacy is something the government isn’t ready to tackle quite yet. “My general view is I’m a great believer in both state and federal legislatures,” Lieu told BGR. At the same time, though, Lieu thinks that persuading lawmakers to pass legislation that tries to prevent situations like the recent flap between the FBI and Apple over an iPhone belonging to one of the San Bernadino shooters isn’t the right approach. “(Legislatures) do a lot of good for America, but there are some things we’re not,” he continued. “We are not nimble. We are not quick. We’re not elegant. And the law is often a very blunt instrument to try to address a problem. With technology, it’s pretty much the exact opposite of all of those characteristics. My view is you have to have very precise and well-written laws to address issues on technology. That’s often hard to do. And if you can’t do it right, my view is we shouldn’t be doing it at all.” Former Homeland Security Secretary Michael Chertoff, who today has a security consultancy called the Chertoff Group, is among a set of ex-national security types mentioned in a New York Times piece a few days ago who - perhaps surprisingly - side with Lieu when it comes to encryption. They include officials like former director of national intelligence Mike McConnell; former CIA director R. James Woolsey and former White House counterterrorism official Richard Clarke, among others. This is from a 28-page report prepared by the Chertoff group about encryption: “Efforts to constrain encryption through forms of extraordinary access (for law enforcement) will inevitably introduce vulnerabilities into the security of consumer products in ways that are likely to have an adverse long-term effect on the security, privacy, and civil liberties of citizens … our conclusion is that a mandate to require extraordinary lawful access to commercial encryption products would incur greater social, security, and economic costs than the benefits it would achieve. Based on what we know today from the public record, we recommend against the enactment of (an) extraordinary lawful access requirement.” Lieu, for his part, thinks now is also the least ideal time for congress to try to get involved. “That’s why you have (defense secretary) Ash Carter coming out publicly saying he’s a strong believer in stro
By Dustin Volz WASHINGTON (Reuters) - The Supreme Court on Thursday approved a rule change that would let U.S. judges issue search warrants for access to computers located in any jurisdiction despite opposition from civil liberties groups who say it will greatly expand the FBI's hacking authority. U.S. Chief Justice John Roberts transmitted the rules to Congress, which will have until Dec. 1 to reject or modify the changes to the federal rules of criminal procedure.
By George Obulutsa NAIROBI (Reuters) - Online activists who claim ties to Anonymous said on Thursday they had begun to leak documents from Kenya's foreign ministry as part of a campaign to expose government and corporate corruption across Africa. HackRead, a cyber security news site, reported that a hacker affiliated with "Operation Africa" had told it: "In (a) few days you will receive full disclosure of the data – We the Anonymous will stand against corruption, child abuse, and child labour!" A link to a sample of 95 documents was published to a widely known Anonymous Twitter account, part of what it claimed was a one-terabyte stash of date from Kenya's Ministry of Foreign Affairs and International Trade. The documents, viewed by Reuters, appear to consist of mostly routine correspondence between Kenyan foreign ministry officials and other diplomatic missions, trade partners and international companies around the world.
The Oakbrook Terrace, Illinois-based company said it had net income of 6 cents per share. Earnings, adjusted for amortization costs and non-recurring costs, were 14 cents per share. The Internet security ...
• Texas man in Iowa to face lottery jackpot fraud charges (May 02, 2016)
• Canada's Goldcorp says computer network hacked (May 02, 2016)
• ISIS is assembling a cyber army (May 02, 2016)
• Google’s 2016 Nexus phones are probably going to be unbeatable (May 02, 2016)
• That time a Windows 10 update alert ruined a live TV broadcast (May 02, 2016)
• Tennessee law to allow counselors to deny service based on beliefs (May 02, 2016)
• FBI says it won't disclose how it accessed locked iPhone (May 02, 2016)
• Philippine central bank says foiled attempts to hack its website (May 02, 2016)
• Wall Street watchdog has unfinished business with bad brokers (May 02, 2016)
• Qatar's largest bank investigating alleged data breach (May 02, 2016)
• Qatar National Bank investigating alleged data hack (May 02, 2016)
• The FBI’s Most-Wanted Cybercriminals (May 02, 2016)
• German nuclear plant infected with computer viruses, operator says (May 02, 2016)